Forensic Computing and Identity Theft - Essay Example

Forensic Computing and Identity Theft Forensic computing and identity theft have become exceptionally significant areas in technological studies demanding special consideration so as to protect the identity rights of e-consumers. This report is a discussion about identity theft and respective computer forensics techniques and investigation. First of all, an introduction has been given which gives a better understanding of the topic. Common ID theft crimes and security issues are discussed. Some laws have been discussed to have a clear view of what steps have been taken to ensure the e-consumers’ data protection. The forensic investigative procedure is explained with the help of a case study. Then, social, ethical and moral issues regarding identity theft have been discussed both from the user’s and the investigator’s side. The report is summarized in a concluding paragraph. APA referencing has been used properly. Keywords: identity, theft, investigation, criminal, computer, forensic, internet, security 2. Introduction Before going into the niceties of ethical, moral and social issues vis-à-vis identity theft in forensic computing, let’s first get introduced to what forensic computing actually is and what is identity theft. Computer forensics or cyber forensics is a very imperative topic in information systems and networks management. Forensics is the structured procedure of gathering, examining and showing facts and evidences to the court of law, and thus, forensic computing is defined as “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-CERT 2008). This involves the seeking, locating and securing the electronic data so as to provide evidence. This electronic or magnetically encoded data may include text messages, databases, pictures, e-mail, websites, spyware, malware, and so on. The evidence collected is strong and indisputable as compared to any other branch of forensic science because a copy that is made of the collected data is identical to the actual data and there is no room left for dispute. The whole concept revolves around the idea that a structured investigation is carried out to find out what exactly happened to the computer, when it happened, how it happened, and who did it. This is just like solving a murder case and performing postmortem. The operator does not know that the evidence information is transparently being created and stored by the computer’s operating system which can only be extracted through computer forensics software tools and techniques. The crimes include misuse of computer systems, attack on computer systems, using a computer system to work against another system, failure of a computer system, and the list continues. Identity theft is the crime that involves stealing of a person’s private information “in order to impersonate that person in a legal sense”, according to Vacca (2005: 137). When a person’s identity is stolen, he is at great risk of facing a terrifying number of monetary and individual dealings done in his name by the thief. Technology, along with its pros, has introduced exceedingly technical and chic means of acquiring someone’s basic identifying information. Whatever means the thief uses, identity theft brings great damage to the victim’s name and reputation as the victim is solely left responsible for whatever financial or personal loss he faces. One often has to reveal bits of his personal information while doing online transactions, such as, his name, address, telephone number, bank information, credit card information, and etcetera. The thief, after stealing this information, can misuse it by, for instance, applying for loans in the victim’s name, changing his billing address, obtaining driving license, applying for jobs, applying for insurance or new banking accounts, getting authorization for electronic transfers by using the victim’s electronic signature, or any other fraud. On the internet, identity theft is being accomplished using techniques like sending Trojan horses, which are destructive programs, into the computer system, and important passwords and useful information like social security number is transferred to the thief. Another way to steal identity is email phishing. The victim is sent emails telling the victim that they are from so-and-so enterprise and scamming him by directing him to a fake website which asks for his personal information. Though, internet identity theft has made people uncertain about shopping and selling online, checking their bank statements online, visiting auction websites or entering into business contracts or transactions; however, computer forensics has played its part in helping law enforcement agencies in gathering digital evidence and identifying stolen identities as well as the criminals involved (Newman 2009). 2.1. Common Identity Theft Crimes Financial crimes mainly take account of the misuse of the victim’s credit card information, bank account information, social security number, or insurance information. Anderson (2008) asserts that “criminals can acquire this information easily by searching through discarded trash, social engineering over the telephone or through outright theft of the data”. The thief can initiate fraudulent financial activities by creating fake identities. Counterfeit bank statements and checks can be created using special softwares and tools. Photographs can be edited using easy applications. Thanks to computer forensics methods and tools, it is possible to discover and document electronic evidence. Another form of identity theft is the taking and sharing of nude pictures of persons without their ever knowing it and distributing it over the internet as pornographic material. Placing hidden and covert cameras at public and private places, taking pictures and then disclosing them is also regarded as identity theft. Websites taking personal information from children and softwares helping the criminal to edit photographs has made it much easier to illegally distribute the images and enhance child pornography. Identity theft has also raised the problem of cyber stalking. Anderson (2008), who works with NTI (New Technologies, Inc.) writes that: NTI was involved in a case where an individual assumed the identity of a past employee that had been discharged by a business. That identity was used, over the Internet, to terrorize a female Human Resources Manager who had fired the individual. After several weeks of investigation we discovered that the communications were fabricated by a peer worker within the corporation. This, and many other such cases occurring due to insecure internet environment, have been identified and solved by forensic computing strategies. 3. Identity Theft and Security Issues Computer forensics security solutions focus not only on recovery but also on prevention of security threats in order to provide securer solutions that are quicker and cheaper than the conventional techniques. These solutions include intrusion detection system (IDS), internet security system, biometric security system, net privacy system, firewall set-ups, network disaster security system, identity theft prevention system, identity management security system, and so on (Vacca 2005: 146). Wireless network security is one of the main concerns since wireless networks strengthened their roots in the tech world and issues of personal information theft arose. Every wireless network has its security risks. Hackers can easily get into the network and obtain personal information much enough to break into the victim’s bank account. However, wireless networks set up at homes are quite reliable as they are established in such a way that hackers cannot break into unless there is a particular access code (Hernandez 2008). When a person connects to the internet through a wireless network, the computer suggests several signal choices, some of which are secure and some are not. Secure ones need a password to get hooked. A hacker cannot break into secured networks as wireless network security for them is turned on. Point to consider is that one should never carry out personal transactions or banking or financial activities at place that offer free wireless networking like hotels and airports as one can never be sure of wireless network security at such places. Even if it is guaranteed, it is always better to clear out the history and cookies from the computer system that has been in use for the purpose of personal dealings. A thief, who happens to steal a person’s social security number (SSN), has all chances to get to his detailed personal information, according to Social Security Administration (2009: 2). The thief can then have access to all identification information from the databases and other data repositories that use SSNs as primary keys. He can then use his credit card information to apply for loans, do shopping and the leave the victim to pay the bills. The situation may lead to bankruptcy which can blow the victim out of his senses. Keller states that identity theft has become one of the most important military issues of the new millennium (2007). Military has started relying heavily upon information technology for inter-communication, controlling vehicles and maneuver of security forces, inspection and processing of military signals. Thus, it becomes important to protect all sensitive and confidential information from enemy countries. More precisely, the objective of military information security is to protect its computers and information networks from intruders so as to eliminate the risk of crucial security information getting stolen, snooped into, disclosed or corrupted. Since, unlike previous decades, information technology has largely been incorporated in the military field, the enemy might get advantage by destroying or entering into the computer network. 4. Laws and Legislation There are a number of laws that have been passed to eliminate the risk of identity theft. Some of these include: 4.1. Computer Fraud and Abuse Act (CFAA) CFAA was designed in 1984 and deals with penalties for the intruders who gain access to sensitive information stored in a computer without authorized access. Computers have to be protected when the consumers carry out commercial activities, engage in cross-border e-commerce, and make online business transactions and email communications with online traders. It is illegal for anyone to get access to the transactional information without the consent of the party involved. The term protected computer is used in the Act to refer to those computers which is being used by financial institutions for the purpose of carrying out national or international e-commerce. The Act applies penalties upon the identity thieves starting from 10 years to 20 years of imprisonment. 4.2. Electronic Communications Privacy Act (ECPA) ECPA was designed in the 1980s and enacted by the Congress. It applies penalties upon the persons who gain access to and make illegal use of the sensitive information that has been exchanged between the consumers and the online vendors through electronic communication techniques such as electronic mails, text messages, video conferences, chatting, and etcetera. Title I of ECPA deals with the protection of electronic communication that is transferred through voice, wire, sounds or signals; whereas, Title II, which is also referred to as Stored Communications Act (SCA), deals with the protection of stored communication like text messages and chats. Title III deals with the prohibition of using trap and trace devices that could record the electronic communication going on between the two parties without obtaining a search warrant for doing so. It is also obligatory for the Police to take the consent of the party involved prior to using his taped conversation. ECPA is said to have restricted the concept of online consumer profiling. Consumer profiles are made by the websites by the use of cookies which tend to store the consumer’s information when they visit a specific website. This information can then be illegally used by the websites which make online profiles of the consumers and make illegal use of their transactional information. The only exception here involved is that the consumer’s information can only be used with his consent. Thus, this Act ensures that consumers do not face the risk of identity theft. 4.3. Children’s Online Privacy Protection Act (COPPA) COPPA was designed in 1998 and became effective on April 2000. COPPA put forward rules and regulations that are to be applied on the commercial website owners and internet service providers who know which websites are being used by children and collect personal information from them with or without their parents’ consent. They are checked how they make use of this information. The operators are told to maintain a privacy policy on their websites and on every such page where personal information is being collected from young children. They are required to take the parental consent before collecting the information and are under the obligation of keeping that information confidential and safe. COPPA ensures that the parents are provided a description of the personal information collected from their children along with the confirmation that the information has not been disclosed or sold to any third party so that they may decide to let their children keep using the website or block it. “In 2000, the Federal Trade Commission filed its first action under COPPA, against a website called Toysmart” (eNotes 2009) which started selling the information collected from children after its bankruptcy. However, Toysmart was afterwards allowed to sell its database only to an authorized buyer and only under the regulations put forward by COPPA. 4.4. Health Insurance Portability and Accountability Act (HIPAA) This law was passed in order to eliminate the menace of identity theft. This information could either be stored in and exchanged through hard copied files or computer systems. The need for secure online networks initially arose when issues like computer viruses and internet fraud posed a threat to the security and privacy of data stored on online servers and health records. The consumers began to worry about their personal information so they had to be made sure that their data will not be affected or disclosed without their consent. So, Health Insurance Portability and Accountability Act (HIPAA) was put forth by U.S. Congress on August 21, 1996. Title II of HIPAA deals with the privacy issue of the consumer’s data and presents Privacy Rule which ensures fines and punishments for fraud and violation of the rule. The rule gives consumers the right to file complaints if they find anybody obtaining, selling or disclosing their information. This way, they can have their data protected and their communications confidential. 5. Identity Theft and Forensic Investigation Procedure 5.1. Digital Data Before getting into the details of investigative procedure, let’s get to know types of digital data that is to be gathered. There are two types of this data. Persistent data is data which is stored in the computer’s memory or ROM (Read Only Memory) permanently and remains there even if the computer is powered off. Volatile data is data which is stored in RAM (Random Access Memory) and gets deleted when the system is powered off. This volatile data can be of more importance and thus it should be made sure that the computers should be kept on if they were on at the scene of crime. 5.2. Investigative Procedure It is important for computer forensic investigators to follow a structured approach to solve computer and internet based identity theft cases (see Figure 1). Computer crime involving ID theft can be grouped as physical security breaches, personnel security breaches, communications and data security breaches, and operations security breaches (Icove et al., cited in Angelopoulou 2007). A detailed investigation of the case requires that every security breach is analyzed independently to get a more systematic approach towards case solving. The digital examination of ID theft cases requires great expertise at the investigator’s end. The evidence or data that is collected is the valuable asset and has to be dealt with sensitivity as it will help in deciding the specifications of the crime. Digital data is so delicate that it can be altered with one mistaken tap on the keyboard or one inadvertent press of a key. The forensic investigator will have to use some offline techniques in addition to online techniques. Although offline techniques are not the responsibility of a forensic investigator, but of course, he can use them to help himself toward finding the evidential data. He will have to look for any counterfeit documents, fake checks and bogus bank statement in black and white, in addition to looking for digital evidence residing inside the fraudster’s computer system. According to Angelopoulou (2007), what makes the process lengthy is that the investigator has to go through two investigative categories, that is, going through the victim’s system and through the criminal’s system. The digital data found in the victim’s computer will help in obtaining evidence and that found in the fraudster’s computer will prove it. The main theme of the investigation is that what information might have been stolen (for example, in a financial fraud ID theft, basic things to be investigated are stolen identity, credit record, transactions, billing, and claims for new bank accounts or loans) and what procedure might have been used to steal this information. It is important for the investigator to have a warrant issued first. Pladna states that “just like the need for a warrant to search someone and their property, everyone involved in the computer forensics process needs authorization from the proper authorities to monitor and collect information related to a computer intrusion” (2008: 4). Moreover, clauses of respective laws and legislations must be followed in order to legalize the whole process. Pladna has listed three laws that forensic investigation should follow, namely, “Wiretap Act (18 U.S.C. 2510-22); Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27); and the Stored Wired and Electronic Communication Act (18 U.S.C 2701-120)”. Both the victim’s and the fraudster’s computers must be kept in the same state in which they were before investigation (Wilson 2008: 20). 5.2.1. Case Study Mr. A sent his computer’s hard disk to the computer forensic lab to be scrutinized. He was suspecting one of his employees, Mr. B, to be involved in identity theft by misusing the system. How would he expect the forensic investigation to proceed? In such a case, the digital investigation starts on certain basic phases, which include: Analysis. In this phase, the investigator will have to clearly observe the activities taken place and taking place. He will collect the digital media as input and copy the source which is the hard disk in this case. The source will help in the analysis of ID theft data that will serve as evidence. This analysis will tell whether that data belongs to the victim or to the criminal, that is, whether the Mr. A is the victim or Mr. B is the victim. The data has to be analyzed from both the claimant and the suspect’s end because the inputs from the two sides guides the investigation to two different standpoints. Hypothesis. In this phase, the investigator will have to decide how to proceed and which strategies to follow based on the findings of observation and the evidential data. Prediction. This phase is to support the hypothesis, like asking questions like who took the data, how was it stored and why was it brought out of the storage. The investigator will make the criminal’s profile from two inputs- victim and criminal which will help him in clarifying who is the victim. Testing. This phase is important so as to evaluate the whole investigative process. During this phase, the digital data will be retrieved to have it examined. After collecting all necessary files to be inspected, the unallocated or free disk space on the hard drive is scrutinized because it may contain traces of deleted files and folders. To restore deleted files which exist as strings, bit-stream-copy method is used (Pladna 2008: 7). These retrieved files or gathered evidential data have to be protected so as to eliminate chances of inadvertent alterations. Presentation. When the evidence has been collected and analyzed, the investigator will take it to a separate place where the computer forensic report is prepared for presentation to the court. 5.3. Required Softwares The ID theft investigative procedure requires a number of special softwares and hardware tools. The investigator must be well equipped with softwares that help to make backups of the digital data, encrypt and decrypt the data and track Internet Protcol addresses. He should have complete knowledge of software for data recovery and system restore. Moreover, there is a very helpful hardware imaging tool that makes bit-by-bit copies of digital data. The forensic investigator must have good knowledge of how to use these tools so as to successfully accomplish the task. 6. Ethical, Moral and Social Issues There are some socio-ethical issues regarding forensic computing and identity theft that should be considered both at the system’s user’s end and at the forensic investigator’s end. 6.1. For System’s User It is important to educate the users of computer systems and the internet about “intellectual property rights issues, privacy/ surveillance issues, access to data issues and issues of human-computer interaction” (Stahl, Carroll-Mayer & Norris 2006: 298). They should be able to relate principled reasoning to ethical cases. They should know that the other person’s identity is something that is his own property and not theirs; that they have no right upon others’ personal information, and they cannot use or disclose it without the owner’s permission. A virtual world businessman should respect his employees’ and clients’ personal identification data and should take measures to lock and protect the databases and data warehouses from unauthorized access. Even at very personal level, an internet user must know that he is supposed to protect and defend the second person’s identification information and at the same time, he should be aware of security breaches proposed by the World Wide Web so the he is able to protect his own identity. 6.2. For Forensic Investigator Since computer forensics is a newly emerging field, not much has been written and said about ethical norms for the admissibility of evidence to the court. However, the security professionals should be familiar with laws and legislation that have been passed in order to make sure that internet frauds like identity theft do not take place. They should be aware of privacy rights and ethical and moral clauses found in these laws so that they may be able to better solve the case. They must know what legal issues are involved in handling a standalone computer system. “Not only must they discover incriminating evidence they must also do it in a lawful manner” (Wegman 2006). Only then, the evidence will be admissible in the court. Before starting the investigative procedure, an investigator must have a search warrant issued before handling the suspect’s computer system. The Fourth Amendment to the U.S. Constitution, Wegman states, defines that the magistrate is liable to issue the search warrant after the investigator submits and affidavit that should state the cause of investigation and the limits of the suspect’s privacy that is going to be violated. The time that the computer is to be analyzed is also pre-decided by the magistrate or the warrant. For example, it may be in the warrant that the investigator can analyze the computer system for fifteen days after the issuance of the warrant. That should also be followed. 7. Summary Since, the number of internet-savvy persons or e-consumers is increasing day by day, internet crime is also increasing at the same rate, and identity theft is one such crime. It intimidates our computers and personal safety. Whether one is just surfing the internet or is carrying out multinational Second Life business, the identification security breach is always there thanks to highly technical tools helping the criminals to carry out the crime easily. Computer forensics has, however, helped a great deal in dealing with and recovering from ID theft cases. The procedure might be lengthy but time can be saved by following a well-structured approach as described in this report. There are laws regarding e-consumers’ data protection that need to be followed. The forensic investigators have to be very specific in following rules and regulations in order to make their evidence admissible to the court. They have to follow the socio-ethical norms and respect the citizens’ liberty. The users must be aware of the risk they face while disclosing their information over the internet so that they play their role in combating the crime of identity theft. Figure 1: Structured approach to investigative procedure (Losey 2009) References Anderson, M 2008, ‘Identity theft in financial crime cases’, Identity Theft: Computer Forensics to the Rescue, viewed 7 March 2010, Angelopoulou, O 2007, ‘The “solitary” of ID theft towards computer crime incidents’, ID Theft: A Computer Forensics’ Investigation Framework, viewed 8 March 2010, eNotes 2009, ‘Consumer rights and protection’, Encyclopedia of Everyday Law, viewed 8 March 2010 Hernandez, A 2008, Internet Identity Theft - Wireless Network Security Issues, viewed 7 March 2010 Keller, J 2007, ‘The importance of military information security’, Military and Aerospace Electronics, viewed 8 March 2010, Newman, R 2009, Computer Security: Protecting Digital Resources, Jones & Bartlett Publishers, United States. Pladna, B 2008, ‘Procedures for gathering evidence’, Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use Them, viewed 9 March 2010, Social Security Administration 2009, ‘Identity theft and your social security number’, Social Security (Publication No. 05-10064), viewed 7 March 2010, Stahl, B, Carroll-Mayer, M & Norris, P 2006, ‘Legal, professional, and ethical content’, Forensic Computing: The Problem of Developing a Multidisciplinary University Course, viewed 10 March 2010, Structured approach to investigative procedure 2009, digital photograph, Losey Ralph, viewed 6 March 2010, US-CERT 2008, ‘What is computer forensics?’, Computer Forensics, viewed 6 March 2010, Vacca, J 2005, ‘Identity theft’, Computer Forensics: Computer Crime Scene Investigation, 2nd edn., Cengage Learning, United States. Wegman, J 2006, Computer Forensics: Admissibility of Evidence in Criminal Cases, viewed 10 March 2010, Wilson, D 2008, ‘Scene of the crime vs. the crime scene’, Forensic Procedures for Boundary and Title Investigation, illustrated, John Wiley and Sons, United States. Read More